Enhanced Password-Based Authentication Mechanism in Cloud Computing with Extended Honey Encryption (XHE): A Case Study on Diabetes Dataset

  • Conference paper
Advances in Computer, Communication and Computational Sciences

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1158)

Abstract

Recent advances in cloud technologies promise a cost-effective, scalable and easily maintained data solution for individuals, government agencies and corporations. However, existing cloud security solutions that depend exclusively on conventional password-based authentication mechanisms cannot effectively defend against ongoing password guessing and cracking attacks. A recent HashCat attack is able to brute-force any hashed eight-character password composed of any combination of 95 characters in less than 2.5 h. Several trivial approaches such as two-factor authentication, grid-based authentication and biometric authentication mechanisms have been enforced recently as an additional or optional countermeasure against password guessing and cracking attacks. These approaches, however, can be defeated by an ongoing malware attack that is capable of intercepting the One-Time Password (OTP) sent to the mobile device. Stolen passwords often do not trigger any alerts and can subsequently be exploited to access other users’ cloud accounts (e.g. 61% of users reuse a single password across different online accounts). To address these problems, this research aimed to implement an eXtended Honey Encryption (XHE) scheme to improve the assurance of conventional password-based authentication mechanisms in cloud computing. When an attacker tries to retrieve a patient’s diabetes information by guessing the password, rather than rejecting the access as customary security defence mechanisms do, the proposed XHE outputs an indistinguishable counterfeit patient record that closely resembles the legitimate patients’ diabetes information for each incorrect guess of the legitimate password.
In this way, the implemented XHE scheme increases the complexity of password guessing and cracking attacks, as the attacker cannot distinguish which of the guessed passwords is the correct one. A security message is then generated and delivered to alert the network administrator and security response team. Furthermore, the proposed XHE scheme could potentially be applied to improve password-based authentication systems in other networks, including but not limited to the Internet of Things (IoT) and mobile computing.
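An added illustration, not code from the paper: a minimal honey-encryption sketch in the style of Juels and Ristenpart, showing why every password guess decrypts to a well-formed record. It is not the XHE scheme itself; the field names, value ranges, uniform per-field encoder and PBKDF2 parameters are assumptions made here.

```python
import hashlib
import secrets

# Constructed field ranges (inclusive); assumed for illustration, not from the paper.
FIELDS = [("glucose_mg_dl", 60, 250), ("bmi", 15, 50), ("age", 18, 90)]
SEED_BITS = 32
ITERATIONS = 100_000  # assumed PBKDF2 work factor

def dte_encode(record):
    """Distribution-transforming encoder: value -> random 32-bit seed."""
    seeds = []
    for name, lo, hi in FIELDS:
        n = hi - lo + 1
        idx = record[name] - lo
        if not 0 <= idx < n:
            raise ValueError(f"{name} outside modelled range")
        # Choose uniformly among all seeds s < 2**32 with s % n == idx.
        reps = ((1 << SEED_BITS) - 1 - idx) // n + 1
        seeds.append(idx + n * secrets.randbelow(reps))
    return seeds

def dte_decode(seeds):
    """Every possible seed decodes to some in-range value, so no guess 'fails'."""
    return {name: lo + s % (hi - lo + 1)
            for (name, lo, hi), s in zip(FIELDS, seeds)}

def _pad(password, salt):
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                              ITERATIONS, dklen=4 * len(FIELDS))
    return [int.from_bytes(raw[i:i + 4], "big") for i in range(0, len(raw), 4)]

def honey_encrypt(record, password):
    salt = secrets.token_bytes(16)
    masked = [s ^ p for s, p in zip(dte_encode(record), _pad(password, salt))]
    return salt, masked

def honey_decrypt(blob, password):
    salt, masked = blob
    return dte_decode([c ^ p for c, p in zip(masked, _pad(password, salt))])

def in_range(record):
    return all(lo <= record[name] <= hi for name, lo, hi in FIELDS)

if __name__ == "__main__":
    real = {"glucose_mg_dl": 148, "bmi": 33, "age": 50}  # constructed sample
    blob = honey_encrypt(real, "correct horse")
    for guess in ("correct horse", "123456", "password1"):
        print(f"{guess!r:16} -> {honey_decrypt(blob, guess)}")
```

A deployable encoder would weight seeds by the real distribution of each field, since uniformly drawn values are easier to tell apart from genuine records.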



Acknowledgements

This work was supported by Universiti Malaysia Sabah grant [SLB0159/2017]. The authors also thank the anonymous reviewers of this manuscript for their careful reviews and valuable comments.

Corresponding author

Correspondence to Tan Soo Fun.

Copyright information

© 2021 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Fun, T.S., Ahmedy, F., Foo, Z.M., Alias, S., Alfred, R. (2021). Enhanced Password-Based Authentication Mechanism in Cloud Computing with Extended Honey Encryption (XHE): A Case Study on Diabetes Dataset. In: Bhatia, S.K., Tiwari, S., Ruidan, S., Trivedi, M.C., Mishra, K.K. (eds) Advances in Computer, Communication and Computational Sciences. Advances in Intelligent Systems and Computing, vol 1158. Springer, Singapore. https://doi.org/10.1007/978-981-15-4409-5_6
